package cn.xphsc.web.boot.xss.filter;

import cn.xphsc.web.boot.xss.XssHttpServletRequestWrapper;
import cn.xphsc.web.boot.xss.exception.XssException;
import cn.xphsc.web.common.enums.ExceptionEnum;
import cn.xphsc.web.common.response.ResultMapper;
import cn.xphsc.web.utils.JacksonUtils;
import cn.xphsc.web.utils.StringUtils;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:cn/xphsc/web/boot/xss/filter/XssFilter.class */
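/**
 * Servlet filter that wraps incoming requests in {@link XssHttpServletRequestWrapper}
 * and turns XSS rejections raised further down the chain into a JSON error body.
 *
 * <p>Two kinds of request are passed through unwrapped, so this filter does not
 * sanitize them and they must be covered elsewhere:
 * <ul>
 *   <li>requests whose servlet path matches an entry of {@link #excludes};</li>
 *   <li>POST requests whose {@code Content-Type} header contains
 *       {@code multipart/form-data}.</li>
 * </ul>
 *
 * <p>Init parameters: {@code parameterEabled} (boolean, handed to the wrapper) and
 * {@code excludes} (comma-separated regular expressions matched against the start
 * of the servlet path).
 */
public class XssFilter implements Filter {
    private boolean parameterEabled;
    // Regular expressions; a request whose servlet path starts with a match skips the wrapper.
    public List<String> excludes = new ArrayList<>(10);
    public static final String POST = "post";

    /**
     * Applies the XSS wrapper unless the request is excluded or is a multipart POST.
     *
     * @throws IOException      propagated from the chain or from writing the error body
     * @throws ServletException propagated from the chain; also wraps any other checked
     *                          exception that is not an XSS rejection
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        if (handleExcludeURL(httpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        // The header is absent on body-less POSTs; guard it so the filter does not fail with an NPE.
        String contentType = httpServletRequest.getHeader("Content-Type");
        if (POST.equalsIgnoreCase(httpServletRequest.getMethod()) && contentType != null && contentType.contains("multipart/form-data")) {
            // Multipart requests bypass the wrapper entirely, query-string parameters included.
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        try {
            filterChain.doFilter(new XssHttpServletRequestWrapper(httpServletRequest, this.parameterEabled), servletResponse);
        } catch (Exception e) {
            if (!isXssRejection(e)) {
                // Not ours to handle: swallowing it would hide downstream failures behind an
                // empty response, so hand it back to the container with its original type.
                if (e instanceof IOException) {
                    throw (IOException) e;
                }
                if (e instanceof ServletException) {
                    throw (ServletException) e;
                }
                if (e instanceof RuntimeException) {
                    throw (RuntimeException) e;
                }
                throw new ServletException(e);
            }
            servletRequest.setCharacterEncoding("UTF-8");
            servletResponse.setContentType("application/json; charset=utf-8");
            ResultMapper resultMapper = ResultMapper.builder()
                    .mapping("code", Integer.valueOf(ExceptionEnum.XSS_EXCEPTION.getCode()))
                    .mapping("message", ExceptionEnum.XSS_EXCEPTION.getName())
                    .build();
            PrintWriter writer = servletResponse.getWriter();
            writer.append((CharSequence) JacksonUtils.toJSONString(resultMapper));
            writer.close();
        }
    }

    /**
     * Tells whether an exception from the chain should be reported as an XSS rejection.
     *
     * <p>The decision is made on the message text: it must contain either the
     * {@link XssException} class name or the numeric XSS error code.
     * NOTE(review): the numeric-code match is loose (any message containing those digits
     * qualifies); checking the cause chain for the exception type would be stricter —
     * confirm how XssException is wrapped by the framework before tightening.
     */
    private static boolean isXssRejection(Exception e) {
        String message = e.getMessage();
        if (!StringUtils.isNotBlank(message)) {
            return false;
        }
        return message.contains(XssException.class.getName())
                || message.contains(String.valueOf(ExceptionEnum.XSS_EXCEPTION.getCode()));
    }

    /**
     * Returns {@code true} when the servlet path starts with a match of any exclude pattern.
     *
     * <p>Matching is a prefix match, not a full match: an entry such as {@code /static}
     * also excludes {@code /staticfoo}. End entries with {@code /} or {@code $} when an
     * exact segment is intended.
     */
    private boolean handleExcludeURL(HttpServletRequest httpServletRequest) {
        if (this.excludes == null || this.excludes.isEmpty()) {
            return false;
        }
        String servletPath = httpServletRequest.getServletPath();
        for (String exclude : this.excludes) {
            // A blank entry would compile to "^" and match every path, disabling the filter.
            if (exclude == null || exclude.trim().isEmpty()) {
                continue;
            }
            // Group the entry so the start anchor applies to every alternative of "a|b",
            // not only to the first one.
            if (Pattern.compile("^(?:" + exclude + ")").matcher(servletPath).find()) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reads the {@code parameterEabled} and {@code excludes} init parameters.
     * Exclude entries are trimmed and blank entries are dropped.
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.parameterEabled = Boolean.parseBoolean(filterConfig.getInitParameter("parameterEabled"));
        String initParameter = filterConfig.getInitParameter("excludes");
        if (initParameter != null) {
            for (String entry : initParameter.split(StringUtils.COMMA)) {
                String trimmed = entry.trim();
                // An empty value (e.g. excludes="" or "a,,b") must not become a match-all pattern.
                if (!trimmed.isEmpty()) {
                    this.excludes.add(trimmed);
                }
            }
        }
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}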
